Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Nov 2011 13:39:44 -0500
From: tom northcutt <tnorth@...il.com>
To: passwdqc-users@...ts.openwall.com
Subject: pwqcheck on OpenBSD and /etc/passwdqc.conf

It looks like pwqcheck on OpenBSD does not read /etc/passwdqc.conf or
/usr/local/etc/passwdqc.conf by default.
I'm not sure that it is even supposed to, but most of the
documentation suggests adding to /etc/login.conf default section:
":passwordcheck=/usr/local/bin/pwqcheck -1 :\"

Adding the "config=/path/" option does pick up the config settings
properly, i.e.:

     "  :passwordcheck=/usr/local/bin/pwqcheck -1 config=/etc/passwdqc.conf:\"

I took a look at the 1.2.2 source from the ports tree and didn't see
any references to /etc/passwdqc.conf other than in the makefile, but
it looks like that is just for the config file installation location.

Is pwqcheck supposed to read the /etc/passwdqc.conf by default?   If
not I can suggest to the OpenBSD package maintainer to document the
need for the "config=" option in the login.conf settings.

Thanks,

-Tom

--------
example:

$ pwqcheck -1
tbtt9qzyyu2a
OK

$ pwqcheck -1  config=/etc/passwdqc.conf
tbtt9qzyyu2a
Bad passphrase (not enough different characters or classes)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ